Alleged Master Keys for the Dharma Ransomware Released on BleepingComputer.com

Out of the blue, someone posted in the BleepingComputer.com forums the supposed master decryption keys for the Dharma Ransomware. This post was created at 1:42 PM EST by a member named gektar in the Dharma Ransomware Support Topic and contained a Pastebin link to a C header file that supposedly contains these master decryption keys.

BleepingComputer.com post about Dharma Keys being Released

If these keys are valid, then anyone who was previously infected by Dharma will be able to get their files back for free. At this point, it is not known whether the released keys are actually valid. They have been provided to Kaspersky, who is examining them and, if they are valid, will release a decryptor.

With that said, there is a good chance that the keys are valid. This is because the keys for Crysis, on which Dharma is based, were released in the same manner on our forums in the past. Using these keys, Kaspersky was able to update their ransomware decryptor to help Crysis victims for free.

As for the poster, it is not known why they released the keys and whether or not they are affiliated with the ransomware.

Header file posted to Pastebin

Once Kaspersky verifies whether the keys are valid, we will be sure to post an article on how to use their decryptor to get victims' files back for free.

Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence's area of expertise includes malware removal and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.